) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:vbulletin:vbulletin:5.6.3:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-39777 |
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. Published: September 15, 2023; 9:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2020-25124 |
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. Published: September 03, 2020; 2:15:15 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25123 |
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. Published: September 03, 2020; 2:15:15 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25122 |
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25121 |
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25120 |
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25119 |
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25118 |
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25117 |
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25116 |
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-25115 |
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. Published: September 03, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2010-1077 |
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. Published: March 23, 2010; 3:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |